CVE-2018-7910
First published: Tue Nov 13 2018(Updated: )
Some Huawei smartphones ALP-AL00B 8.0.0.118D(C00), ALP-TL00B 8.0.0.118D(C01), BLA-AL00B 8.0.0.118D(C00), BLA-L09C 8.0.0.127(C432), 8.0.0.128(C432), 8.0.0.137(C432), BLA-L29C 8.0.0.129(C432), 8.0.0.137(C432) have an authentication bypass vulnerability. When the attacker obtains the user's smartphone, the vulnerability can be used to replace the start-up program so that the attacker can obtain the information in the smartphone and achieve the purpose of controlling the smartphone.
Credit: psirt@huawei.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Huawei Alp-al00b Firmware | =8.0.0.1.18d\(c00\) | |
| Huawei ALP-AL00B | ||
| Huawei Alp-tl00b Firmware | =8.0.0.1.18d\(c01\) | |
| Huawei Alp-tl00b | ||
| Google Android | =8.0.0.1.18d\(c00\) | |
| Google Android | ||
| Huawei Bla-l09c Firmware | =8.0.0.127\(c432\) | |
| Huawei Bla-l09c Firmware | =8.0.0.128\(c432\) | |
| Huawei Bla-l09c Firmware | =8.0.0.137\(c432\) | |
| Huawei Bla-l09c | ||
| Huawei Bla-l29c Firmware | =8.0.0.127\(c432\) | |
| Huawei Bla-l29c Firmware | =8.0.0.137\(c432\) | |
| Apple tvOS |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2018-7910?
The severity of CVE-2018-7910 is medium with a score of 6.8.
Which Huawei smartphones are affected by CVE-2018-7910?
The Huawei smartphones ALP-AL00B 8.0.0.118D(C00), ALP-TL00B 8.0.0.118D(C01), BLA-AL00B 8.0.0.118D(C00), BLA-L09C 8.0.0.127(C432), 8.0.0.128(C432), 8.0.0.137(C432), BLA-L29C 8.0.0.129(C432), 8.0.0.137(C432) are affected by CVE-2018-7910.
What is the vulnerability in Huawei smartphones ALP-AL00B 8.0.0.118D(C00), ALP-TL00B 8.0.0.118D(C01), BLA-AL00B 8.0.0.118D(C00), BLA-L09C 8.0.0.127(C432), 8.0.0.128(C432), 8.0.0.137(C432), BLA-L29C 8.0.0.129(C432), 8.0.0.137(C432)?
The vulnerability in these Huawei smartphones is an authentication bypass vulnerability.
How can an attacker exploit CVE-2018-7910?
An attacker can exploit CVE-2018-7910 by obtaining the user's smartphone and bypassing the authentication.
Is there a fix available for CVE-2018-7910?
Yes, Huawei has provided a security advisory with information on how to fix CVE-2018-7910. Please refer to the reference link for more details.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/last-modified-date
- agent/severity
- agent/author
- agent/description
- agent/tags
- agent/event
- agent/first-publish-date
- vendor/huawei
- canonical/huawei alp-al00b firmware
- version/huawei alp-al00b firmware/8.0.0.1.18d\(c00\)
- canonical/huawei alp-al00b
- canonical/huawei alp-tl00b firmware
- version/huawei alp-tl00b firmware/8.0.0.1.18d\(c01\)
- canonical/huawei alp-tl00b
- canonical/google android
- version/google android/8.0.0.1.18d\(c00\)
- canonical/huawei bla-l09c firmware
- version/huawei bla-l09c firmware/8.0.0.127\(c432\)
- version/huawei bla-l09c firmware/8.0.0.128\(c432\)
- version/huawei bla-l09c firmware/8.0.0.137\(c432\)
- canonical/huawei bla-l09c
- canonical/huawei bla-l29c firmware
- version/huawei bla-l29c firmware/8.0.0.127\(c432\)
- version/huawei bla-l29c firmware/8.0.0.137\(c432\)
- canonical/apple tvos